Hi, I have got some trouble in my workplace right now and the IT department also is investigating to solve this issues. I am one of the medical record officers at one of the private hospital in my country. The ransomware encrypts the data of several patient records on hospital computers, and only in exchange with 100 bitcoins the attackers decrypt the data again. This is critical for hospitals due to there are deal with very sensitive patient data.

Therefore, I would like to ask the solution on:
1.how to trace the evidence of ransomware?
2. Where to get the evidence and information about the sender?
3. Is it we can trace with the IP address?
4.How to decrypt the data without exchange of bitcoin from the attacker?
5.What is the prevention steps can be applied towards this ransomware attack?

I expect a response from all of you regarding this issues and maybe with your ideas/comments and solution can solve my cases.
Thank you.